diff --git a/mft/auth.py b/mft/auth.py
index c4c1fbc..307b25b 100644
--- a/mft/auth.py
+++ b/mft/auth.py
@@ -2,6 +2,7 @@
 from fastapi import Depends, HTTPException, status
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from mft.database import get_db
+import hashlib
 security = HTTPBearer()
@@ -23,6 +24,7 @@ def verify_token(
 HTTPException: If token is invalid or disabled
 """
 token = credentials.credentials
+ token_hash = hashlib.sha256(token.encode()).hexdigest()
 with get_db() as conn:
 cursor = conn.cursor()
@@ -32,7 +34,7 @@ def verify_token(
 FROM auth
 WHERE token = ?
 """,
- (token,),
+ (token_hash,),
 ).fetchone()
 if result is None or not result["enabled"]:
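Review bot: The added `token_hash = hashlib.sha256(token.encode()).hexdigest()` line in verify_token carries no comment saying why a plain, unsalted SHA-256 is acceptable. It is adequate only when tokens are long random values, and this diff does not show how tokens are generated. I would add `# Tokens are stored as SHA-256 hex digests; assumes high-entropy random tokens, so no salt or KDF is applied` above the line. If tokens can be short or user-chosen, a keyed digest (`hmac` with a server-side key) would resist offline guessing against a leaked table better. The body of verify_token starts and ends outside the hunk.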
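Review bot: Binding `token_hash` to `WHERE token = ?` means any row in `auth` that still holds a raw token stops matching, so those clients fall into the `result is None` rejection branch. The diff shows neither a migration of existing rows nor a change to the code that inserts tokens; both may live elsewhere, but they need to ship together with this change and produce the same hex digest. The column is still called `token` although it now holds a digest, so a comment near the query such as `# auth.token holds the SHA-256 hex digest, never the raw bearer token` would keep later code from comparing it with the raw value. The query and the rest of verify_token continue outside the hunk.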